34 matches found
EUVD-2025-5110
Malicious code in bioql PyPI...
EUVD-2024-52227
Malicious code in bioql PyPI...
EUVD-2025-4079
Malicious code in bioql PyPI...
CVE-2024-53982
ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...
CVE-2025-25284
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2025-25284
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2025-25284
CVE-2025-25284 concerns the ZOO-Project WPS implementation. The vulnerability lies in the Gdal_Translate service when processing VRT files: the SourceFilename parameter in VRTRasterBand is not properly sanitized, allowing relative path traversal (../) and enabling an unauthenticated attacker to r...
CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
PT-2025-7067 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project affected versions not specified Description: A vulnerability in the ZOO-Project's WPS implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal Translate...
ZOO-Project 路径遍历漏洞
ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a path traversal vulnerability that stems from not properly validating a file path. An attacker can read arbitrary files by exploiting this vulnerability...
CVE-2025-25190
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25189
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25189
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25190
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190
CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...